IAHSS BASIC OFFICER CERTIFICATION EXAM HEALTHCARE SECURITY (2026/2027) |
FINAL COMPLETE
International Association for Healthcare Security & Safety (IAHSS) Basic Officer Certification
Examination | Core Domains: Healthcare Security Officer Roles & Responsibilities, Legal Aspects & Use
of Force in Healthcare, Emergency Preparedness & Response (Codes, Drills), Access Control & Key
Management, Patrol & Investigation Procedures, Patient Assistance & De-escalation Techniques, Infant
& Pediatric Security, Workplace Violence Prevention, and Fire Safety & Life Safety Codes | Healthcare
Security Focus | Professional Certification Exam Format
Exam Structure
The IAHSS Basic Officer Certification Exam for the 2026/2027 certification cycle is a 100-question,
multiple-choice question (MCQ) examination.
Introduction
This IAHSS Basic Officer Certification Exam guide for the 2026/2027 cycle prepares healthcare security
personnel for the foundational certification examination. The content tests knowledge of industry-specific
protocols, legal frameworks, emergency response, and best practices for maintaining safety and security
in the unique environment of healthcare facilities, as established by IAHSS standards.
Answer Format
All correct answers and security protocols must be presented in bold and green, followed by detailed
rationales that reference IAHSS industry guidelines, healthcare-specific legal frameworks (e.g., EMTALA,
HIPAA), NFPA life safety codes, and best practices for de-escalation, access control, and violence
prevention in clinical settings.
Questions (100 Total)
1. What is the primary role of a healthcare security officer?
A. To enforce criminal law like a police officer
B. To protect patients, staff, visitors, and property while supporting the healing
environment
C. To perform medical procedures during emergencies
D. To manage hospital finances
Rationale: According to IAHSS, the core mission of healthcare security is to ensure a safe, secure, and
therapeutic environment. Officers support clinical care by preventing disruptions, managing risks, and
responding to incidents—always prioritizing patient dignity and facility operations over enforcement.
,2. Under EMTALA, a security officer must allow which individual immediate access to the emergency
department?
A. A visitor with a gift
B. Anyone requesting a medical screening exam, regardless of ability to pay
C. Only patients with insurance
D. Staff members only
Rationale: The Emergency Medical Treatment and Labor Act (EMTALA) mandates that any
individual who comes to an emergency department and requests examination must receive a medical
screening exam. Security may not deny access based on payment status, behavior (unless violent), or
lack of identification.
3. When responding to a “Code Silver” (active shooter), the officer’s first priority is to:
A. Evacuate all patients immediately
B. Engage the threat to stop the killing
C. Lock all doors and hide
D. Call local law enforcement and wait
Rationale: Per IAHSS and DHS active shooter protocols, the immediate priority is to stop the killing.
Trained security officers are expected to move toward the threat to neutralize it, following the
“Run-Hide-Fight” model where “Fight” is the last resort but necessary when lives are at immediate risk.
4. Which action violates HIPAA when handling patient information?
A. Discussing a patient’s condition in a private office with the care team
B. Sharing a patient’s room number with an unverified caller
C. Documenting observations in the security log
D. Escorting a family member to the correct unit after verification
Rationale: HIPAA protects all protected health information (PHI), including location. Room numbers
should not be disclosed without verifying the caller’s identity and relationship to the patient.
Unauthorized disclosure can result in fines and disciplinary action.
5. During fire evacuation, the RACE protocol stands for:
, A. Run, Alert, Contain, Extinguish
B. Rescue, Alarm, Contain, Extinguish/Evacuate
C. Report, Assess, Call, Exit
D. Remove, Activate, Close, Escape
Rationale: RACE is the standard fire response in healthcare: Rescue patients in immediate danger,
Alarm (activate pull station), Contain (close doors/windows), and Extinguish if safe or Evacuate if not.
This aligns with NFPA 101 Life Safety Code requirements for healthcare facilities.
6. An infant abduction prevention measure includes:
A. Allowing unrestricted visitor access to nurseries
B. Using electronic tracking bracelets on all newborns and mothers
C. Posting birth announcements with full names
D. Leaving bassinets unattended in hallways
Rationale: IAHSS recommends electronic infant protection systems (e.g., ankle bracelets that trigger
alarms if removed or near exits). Additional measures include staff education, visitor screening, and
never leaving infants unattended. These are critical components of hospital security plans.
7. When de-escalating an agitated patient, the officer should:
A. Stand directly in front of the person and speak loudly
B. Use calm tone, open posture, and give simple choices
C. Immediately apply physical restraints
D. Ignore the behavior until it escalates
Rationale: Verbal de-escalation is the first-line response per IAHSS. Maintain a non-threatening
stance, use empathy (“I see you’re upset”), and offer limited choices (“Would you like to sit or walk with
me?”). Restraints are a last resort and require clinical authorization.
8. Which key control practice is essential in healthcare security?
A. Leaving master keys on desks for easy access
B. Maintaining a log of all key issuance and returns
FINAL COMPLETE
International Association for Healthcare Security & Safety (IAHSS) Basic Officer Certification
Examination | Core Domains: Healthcare Security Officer Roles & Responsibilities, Legal Aspects & Use
of Force in Healthcare, Emergency Preparedness & Response (Codes, Drills), Access Control & Key
Management, Patrol & Investigation Procedures, Patient Assistance & De-escalation Techniques, Infant
& Pediatric Security, Workplace Violence Prevention, and Fire Safety & Life Safety Codes | Healthcare
Security Focus | Professional Certification Exam Format
Exam Structure
The IAHSS Basic Officer Certification Exam for the 2026/2027 certification cycle is a 100-question,
multiple-choice question (MCQ) examination.
Introduction
This IAHSS Basic Officer Certification Exam guide for the 2026/2027 cycle prepares healthcare security
personnel for the foundational certification examination. The content tests knowledge of industry-specific
protocols, legal frameworks, emergency response, and best practices for maintaining safety and security
in the unique environment of healthcare facilities, as established by IAHSS standards.
Answer Format
All correct answers and security protocols must be presented in bold and green, followed by detailed
rationales that reference IAHSS industry guidelines, healthcare-specific legal frameworks (e.g., EMTALA,
HIPAA), NFPA life safety codes, and best practices for de-escalation, access control, and violence
prevention in clinical settings.
Questions (100 Total)
1. What is the primary role of a healthcare security officer?
A. To enforce criminal law like a police officer
B. To protect patients, staff, visitors, and property while supporting the healing
environment
C. To perform medical procedures during emergencies
D. To manage hospital finances
Rationale: According to IAHSS, the core mission of healthcare security is to ensure a safe, secure, and
therapeutic environment. Officers support clinical care by preventing disruptions, managing risks, and
responding to incidents—always prioritizing patient dignity and facility operations over enforcement.
,2. Under EMTALA, a security officer must allow which individual immediate access to the emergency
department?
A. A visitor with a gift
B. Anyone requesting a medical screening exam, regardless of ability to pay
C. Only patients with insurance
D. Staff members only
Rationale: The Emergency Medical Treatment and Labor Act (EMTALA) mandates that any
individual who comes to an emergency department and requests examination must receive a medical
screening exam. Security may not deny access based on payment status, behavior (unless violent), or
lack of identification.
3. When responding to a “Code Silver” (active shooter), the officer’s first priority is to:
A. Evacuate all patients immediately
B. Engage the threat to stop the killing
C. Lock all doors and hide
D. Call local law enforcement and wait
Rationale: Per IAHSS and DHS active shooter protocols, the immediate priority is to stop the killing.
Trained security officers are expected to move toward the threat to neutralize it, following the
“Run-Hide-Fight” model where “Fight” is the last resort but necessary when lives are at immediate risk.
4. Which action violates HIPAA when handling patient information?
A. Discussing a patient’s condition in a private office with the care team
B. Sharing a patient’s room number with an unverified caller
C. Documenting observations in the security log
D. Escorting a family member to the correct unit after verification
Rationale: HIPAA protects all protected health information (PHI), including location. Room numbers
should not be disclosed without verifying the caller’s identity and relationship to the patient.
Unauthorized disclosure can result in fines and disciplinary action.
5. During fire evacuation, the RACE protocol stands for:
, A. Run, Alert, Contain, Extinguish
B. Rescue, Alarm, Contain, Extinguish/Evacuate
C. Report, Assess, Call, Exit
D. Remove, Activate, Close, Escape
Rationale: RACE is the standard fire response in healthcare: Rescue patients in immediate danger,
Alarm (activate pull station), Contain (close doors/windows), and Extinguish if safe or Evacuate if not.
This aligns with NFPA 101 Life Safety Code requirements for healthcare facilities.
6. An infant abduction prevention measure includes:
A. Allowing unrestricted visitor access to nurseries
B. Using electronic tracking bracelets on all newborns and mothers
C. Posting birth announcements with full names
D. Leaving bassinets unattended in hallways
Rationale: IAHSS recommends electronic infant protection systems (e.g., ankle bracelets that trigger
alarms if removed or near exits). Additional measures include staff education, visitor screening, and
never leaving infants unattended. These are critical components of hospital security plans.
7. When de-escalating an agitated patient, the officer should:
A. Stand directly in front of the person and speak loudly
B. Use calm tone, open posture, and give simple choices
C. Immediately apply physical restraints
D. Ignore the behavior until it escalates
Rationale: Verbal de-escalation is the first-line response per IAHSS. Maintain a non-threatening
stance, use empathy (“I see you’re upset”), and offer limited choices (“Would you like to sit or walk with
me?”). Restraints are a last resort and require clinical authorization.
8. Which key control practice is essential in healthcare security?
A. Leaving master keys on desks for easy access
B. Maintaining a log of all key issuance and returns
